hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-25 05:06:34 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
c9ec30fa2aac06685ebdb0109747ee611f58dd77
codeql/python/ql/src/Statements/IterableStringOrSequence.qhelp
Mark Shannon 5f58824d1b Initial commit of Python queries and QL libraries.
2018-11-19 15:10:42 +00:00

48 lines
2.0 KiB
XML
Raw Blame History

<!DOCTYPE qhelp PUBLIC
"-//Semmle//qhelp//EN"
"qhelp.dtd">
<qhelp>
<overview>
<p>The <code>for</code> statement is designed to allow you to iterate over the elements of a
sequence or other iterable object. Strings in Python are iterable, and often used as such.
However, they are also often considered, not as sequences of characters, but as atomic entities.
</p>
<p>
One source of defects in Python is mistakenly iterating over a non-iterable object such as an integer.
This sort of defect is easily detected as a <code>TypeError</code> will be raised. However, if a string
is mistakenly used as the iterable in a <code>for</code> statement, which also receives other sequences
(such as lists) then the code will iterate over the string one character at a time.
This is probably not what the programmer intended and results in errors that are hard to find.
</p>
</overview>
<recommendation>
<p>Since this defect usually indicates a logical error, it is not possible to give a general method
for addressing the defect. However, adding a guard that checks that the iterator is not a string
could be worthwhile.
</p>
</recommendation>
<example>
<p>
In this example, the loop may iterate over <code>"Hello"</code> producing one character per line,
as well as over <code>[ "Hello", "World" ]</code>
It is likely that the programmer forgot to wrap the <code>"Hello"</code> in brackets.
</p>
<sample src="IterableStringOrSequence.py" />
</example>
<references>
<li>Python Language Reference: <a href="http://docs.python.org/reference/compound_stmts.html#the-for-statement">The for statement</a>,
<a href="http://docs.python.org/2.7/reference/datamodel.html#object.__iter__">object.__iter__</a>.</li>
<li>Python Standard Library: <a href="http://docs.python.org/dev/library/stdtypes.html#iterator-types">Iterator types</a>.</li>
<li>Scipy lecture notes: <a href="http://scipy-lectures.github.io/advanced/advanced_python/#iterators">Iterators,
generator expressions and generators</a>.</li>
</references>
</qhelp>
Reference in New Issue View Git Blame Copy Permalink